Product
An authenticated attacker can exploit CVE-2026-59255, a missing authorization vulnerability in BloodHound versions through 9.4.0's custom-nodes API endpoints, to modify the global graph schema by creating, updating, or deleting custom node types, affecting all users and tenants.